www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Disabling client initiated renegotiation
Date Sat, 09 Apr 2011 22:33:20 GMT
On 9 April 2011 22:48, Chris Hill <chris.hillsec@gmail.com> wrote:
> Hi all,
>
> My company relies on Apache for a number of customer facing sites. What's a
> reliable way to disable client initiated renegotiation (both secure and
> insecure renegotiation)?. I know one specific openssl library (l) disables
> this, but then later ones enable "secure" renegotiation, which we need to
> disable.
>
> Ideally, I'd like a solution through an configuration parameter so that
> future versions/upgrades do not re-enable renegotiation.

If you are referring to Apache httpd, that sounds like a question for
the httpd user mailing list [A].

Or if you are using Apache Tomcat, its user list [T] is the place to
ask such questions.


[A] http://httpd.apache.org/lists.html

[T] http://tomcat.apache.org/lists.html

---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org


Mime
View raw message